Location has higher precedence than Directory.  It's merged after, not before.

On Tue, Sep 24, 2013 at 6:05 AM, King Holger (CI/AFP2)
<holger.k...@de.bosch.com> wrote:
> Dear Apache community,
>
> we just wonder why when using the following configuration:
>
> # allow using the "/" directory of this virtual host by all
> <Location />
>     Require all granted
> </Location>
>
> Alias /fslogs /opt/wcms/fs4/log
> <Directory /opt/wcms/fs4/log>
>     IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log
>     IndexOptions +FancyIndexing
>     Options +Indexes
>
>     AuthType Basic
>     AuthName "Restricted access"
>     AuthBasicProvider file
>     AuthUserFile /tmp/passwd
>     Require valid-user
> </Directory>
>
> the default handling of overwriting access directives in sub contexts does 
> not work properly (AuthMerging off). Might it be due to the two directives 
> "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just 
> authenticated and valid users should have access. So, access should be 
> limited. Instead we see that everybody can browse the directory.
>
> Kind regards,
> Holger King
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>



-- 
Eric Covener
cove...@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to